Public key cryptography and PKIs Shortcomings of symmetric key Establishing a pairwise key requires a key exchange, which requires both parties K K to be online Issue #1: Requires pairwise key exchanges

File downloads Email / chat

One-to-many: All-to-all: O(N) key O(N2) key exchanges exchanges Shortcomings of symmetric key Establishing a pairwise key requires a key exchange, which requires both parties K K to be online Issue #2: Parties must be online

Blue user uploads a document, then goes File downloads offline (e.g., forever)

Later, a yellow user wants One-to-many: to get a copy; how can O(N) key it know the copy is really exchanges from the blue user? Shortcomings of symmetric key Establishing a pairwise key requires a key exchange, which requires both parties K K to be online Issue #3: How do you know to whom you’re talking?

Diffie-Hellman is resilient to eavesdropping, but not tampering

vs

K K K1 K1 K2 K2 A protocol that solves this with trust

Trent: A trusted third party

Alice Bob A protocol that solves this with trust

Trent: A trusted third party

KAT KBT Alice Bob

KAT KBT

1. Everybody establishes a pairwise key with Trent Good: O(N) key exchanges A protocol that solves this with trust

Trent: A trusted third party

KAT KBT Alice Bob

KAT KBT

1. Everybody establishes a pairwise key with Trent Good: O(N) key exchanges 2. Trent validates each user’s identity; includes in message Good: Authenticated communication A protocol that solves this with trust

Trent: A trusted third party

E(KAT, msg || to:Bob)

KAT KBT Alice Bob

KAT KBT

1. Everybody establishes a pairwise key with Trent Good: O(N) key exchanges 2. Trent validates each user’s identity; includes in message Good: Authenticated communication A protocol that solves this with trust

Trent: A trusted third party

E(KAT, msg || to:Bob) E(KBT, msg || from:Alice)

KAT KBT Alice Bob

KAT KBT

1. Everybody establishes a pairwise key with Trent Good: O(N) key exchanges 2. Trent validates each user’s identity; includes in message Good: Authenticated communication A protocol that solves this with trust

Trent: A trusted third party

E(KAT, msg || to:Bob) E(KBT, msg || from:Alice)

KAT KBT Alice Bob

KAT KBT

1. Everybody establishes a pairwise key with Trent Good: O(N) key exchanges 2. Trent validates each user’s identity; includes in message Good: Authenticated communication Bad: All messages get sent through Trent What are we trusting Trent not to do? Just as “secure” meant nothing without an attack model, “trusted” means nothing without a trust model

E(KAT, msg || to:Bob) E(KBT, msg || from:Alice)

KAT KBT Alice Bob

KAT KBT What are we trusting Trent not to do? Just as “secure” meant nothing without an attack model, “trusted” means nothing without a trust model

(Oh wow, “msg”!)

E(KAT, msg || to:Bob) E(KBT, msg || from:Alice)

KAT KBT Alice Bob

KAT KBT

1. Do not read messages What are we trusting Trent not to do? Just as “secure” meant nothing without an attack model, “trusted” means nothing without a trust model

E(KAT, msg || to:Bob) E(KBT, msg’ || from:Alice)

KAT KBT Alice Bob

KAT KBT

1. Do not read messages 2. Do not alter messages What are we trusting Trent not to do? Just as “secure” meant nothing without an attack model, “trusted” means nothing without a trust model

…nothing… E(KBT, msg’ || from:Alice)

KAT KBT Alice Bob

KAT KBT

1. Do not read messages 2. Do not alter messages 3. Do not forge messages What are we trusting Trent not to do? Just as “secure” meant nothing without an attack model, “trusted” means nothing without a trust model

E(KAT, msg || to:Bob) ….

KAT KBT Alice Bob

KAT KBT

1. Do not read messages 2. Do not alter messages 3. Do not forge messages 4. Do not go offline Public key encryption A public key encryption scheme comprises three algorithms

Key generation G This is a randomized algorithm • Inputs (nondeterministic output) • Source of randomness • Maximum key length L Difficult to infer SK from PK • Outputs: a key pair Only one person should know SK; • PK = public key PK should be public to all • SK = secret key

PK and SK are intrinsically bound together: for a given PK, there is a single corresponding SK Example: RSA’s public keys are a pair: (exponent, modulus) Public key encryption A public key encryption scheme comprises three algorithms

Encryption E(PK, msg) This is a randomized algorithm • Inputs (vanilla RSA is deterministic; • Public key PK in practice, RSA-PKCS is used • Message msg of instead, which adds a nonce fixed size to the message) • Outputs: a cipher text c same size as msg PK a.k.a. “Encryption key”

Anyone who knows Alice’s PK can encrypt a message to her… Public key encryption A public key encryption scheme comprises three algorithms

Decryption D(SK, c) This is a deterministic algorithm • Inputs Should always return the • Secret key SK original message • Cipher text c • Outputs: original msg

…but only Alice can decrypt that message Public key encryption A public key encryption scheme comprises three algorithms

Correctness Key generation G → PK = public key D(SK, E(PK, m)) = m → SK = secret key Security Encryption E(PK, m) → cipher text c E(PK, m) should appear random (small change to (PK,m) leads to large changes to c) Decryption D(SK, c) → original msg E() should approximate a one-way trapdoor function: cannot invert without access to SK Protocols with public key encryption Goal: deliver a confidential message

Symmetric key

Email / chat

All-to-all: O(N2) key exchanges Protocols with public key encryption Goal: deliver a confidential message

Symmetric key Generate public/private key pair (PK,SK) Email / chat Annouce PK publicly (on website, in newspaper, …)

All-to-all: O(N2) key exchanges Protocols with public key encryption Goal: deliver a confidential message

Symmetric key Generate public/private key pair (PK,SK) Email / chat Annouce PK publicly (on website, in newspaper, …)

Obtain PK

Send c = E(PK, msg)

All-to-all: O(N2) key exchanges Protocols with public key encryption Goal: deliver a confidential message

Symmetric key Generate public/private key pair (PK,SK) Email / chat Annouce PK publicly (on website, in newspaper, …)

Obtain PK

Send c = E(PK, msg)

All-to-all: O(N2) key Decrypt D(SK, c) = msg exchanges Protocols with public key encryption Goal: deliver a confidential message

Symmetric key Generate public/private key pair (PK,SK) Email / chat Annouce PK publicly (on website, in newspaper, …)

Obtain PK

Send c = E(PK, msg)

All-to-all: O(N2) key Decrypt D(SK, c) = msg exchanges O(N) keys in total Overcoming fixed message sizes

Encryption E(PK, msg) • Inputs • Public key PK Like block ciphers, • Message msg of but there are not fixed size “modes” of public • Outputs: a cipher text c key encryption same size as msg Overcoming fixed message sizes

Encryption E(PK, msg) • Inputs • Public key PK Like block ciphers, • Message msg of but there are not fixed size “modes” of public • Outputs: a cipher text c key encryption same size as msg

Public key operations are slooooow! Overcoming fixed message sizes

Encryption E(PK, msg) • Inputs • Public key PK Like block ciphers, • Message msg of but there are not fixed size “modes” of public • Outputs: a cipher text c key encryption same size as msg

Public key operations are slooooow! Symmetric key operations are fast Hybrid encryption Hybrid encryption

Generate public/private key pair (PK,SK); publicize PK Hybrid encryption

Generate public/private key pair (PK,SK); publicize PK

Obtain PK Generate symmetric key K

Compute cmsg = e(K, msg)

Compute cK = E(PK, K) Hybrid encryption

Generate public/private key pair (PK,SK); publicize PK

Obtain PK Generate symmetric key K

Symm key Compute cmsg = e(K, msg)

Public key Compute cK = E(PK, K) Hybrid encryption

Generate public/private key pair (PK,SK); publicize PK

Obtain PK Generate symmetric key K

Symm key Compute cmsg = e(K, msg)

Public key Compute cK = E(PK, K) Now throw away K Hybrid encryption

Generate public/private key pair (PK,SK); publicize PK

Obtain PK Generate symmetric key K

Symm key Compute cmsg = e(K, msg)

Public key Compute cK = E(PK, K) Now throw away K

Send cK || cmsg Hybrid encryption

Generate public/private key pair (PK,SK); publicize PK

Obtain PK Generate symmetric key K

Symm key Compute cmsg = e(K, msg)

Public key Compute cK = E(PK, K) Now throw away K

Send cK || cmsg

Decrypt D(SK, cK) = K

Decrypt d(K, cmsg) = msg Hybrid encryption

Generate public/private key pair (PK,SK); publicize PK

Obtain PK Generate symmetric key K

Symm key Compute cmsg = e(K, msg)

Public key Compute cK = E(PK, K) Now throw away K

Send cK || cmsg

Public key Decrypt D(SK, cK) = K

Decrypt d(K, cmsg) = msg Symm key Hybrid encryption

Obtain PK Generate symmetric key K

Compute cmsg = e(K, msg)

Compute cK = E(PK, K)

Send cK || cmsg

The easy key distribution of public key

The speed and arbitrary message length of symmetric key Protocols with public key cryptography Goal: determine from whom a message came

Symmetric key Ideally, a user (blue) could post a File downloads message (e.g., sensitive documents or a kernel update), and then go offline

And downloaders (yellow) could subsequently infer the message’s authenticity without having to have One-to-many: already established a pairwise O(N) key key with the publisher exchanges Digital signatures A scheme comprises two algorithms

Signing function Sgn(SK, m) • Inputs • Secret key SK • Fixed-length message • Outputs: a signature s Digital signatures A digital signature scheme comprises two algorithms

Signing function Sgn(SK, m) This is a randomized algorithm (nondeterministic output) • Inputs • Secret key SK • Fixed-length message • Outputs: a signature s Digital signatures A digital signature scheme comprises two algorithms

Signing function Sgn(SK, m) This is a randomized algorithm (nondeterministic output) • Inputs • Secret key SK SK a.k.a. “Signing key” • Fixed-length message • Outputs: a signature s Digital signatures A digital signature scheme comprises two algorithms

Signing function Sgn(SK, m) This is a randomized algorithm (nondeterministic output) • Inputs • Secret key SK SK a.k.a. “Signing key” • Fixed-length message Only one person can sign with • Outputs: a signature s a given (PK,SK) pair Digital signatures A digital signature scheme comprises two algorithms

Signing function Sgn(SK, m) This is a randomized algorithm (nondeterministic output) • Inputs • Secret key SK SK a.k.a. “Signing key” • Fixed-length message Only one person can sign with • Outputs: a signature s a given (PK,SK) pair

Verification function Vfy(PK, m, s) • Inputs • Public key PK • Message and signature • Outputs: Yes/No if valid (m,s) Digital signatures A digital signature scheme comprises two algorithms

Signing function Sgn(SK, m) This is a randomized algorithm (nondeterministic output) • Inputs • Secret key SK SK a.k.a. “Signing key” • Fixed-length message Only one person can sign with • Outputs: a signature s a given (PK,SK) pair

Verification function Vfy(PK, m, s) Deterministic algorithm • Inputs • Public key PK • Message and signature • Outputs: Yes/No if valid (m,s) Digital signatures A digital signature scheme comprises two algorithms

Signing function Sgn(SK, m) This is a randomized algorithm (nondeterministic output) • Inputs • Secret key SK SK a.k.a. “Signing key” • Fixed-length message Only one person can sign with • Outputs: a signature s a given (PK,SK) pair

Verification function Vfy(PK, m, s) Deterministic algorithm • Inputs • Public key PK Anyone with the PK • Message and signature can verify • Outputs: Yes/No if valid (m,s) Digital signatures A digital signature scheme comprises two algorithms

Signing Sgn(SK, m) Verification Vfy(PK, m, s) → a signature s → Yes/No if valid (m,s)

Correctness Vfy(PK, m, Sgn(SK, m)) = Yes

Security Same as with MACs: even after a chosen plaintext attack, the attacker cannot demonstrate an existential forgery Protocols with digital signatures Goal: determine from whom a message came

Symmetric key Generate public/private File downloads key pair (PK,SK) Annouce PK publicly (on website, in newspaper, …)

One-to-many: O(N) key exchanges Protocols with digital signatures Goal: determine from whom a message came

Symmetric key Generate public/private File downloads key pair (PK,SK) Annouce PK publicly (on website, in newspaper, …)

Compute sig = Sgn(SK, msg)

One-to-many: O(N) key exchanges Protocols with digital signatures Goal: determine from whom a message came

Symmetric key Generate public/private File downloads key pair (PK,SK) Annouce PK publicly (on website, in newspaper, …)

Compute sig = Sgn(SK, msg)

Publish msg || sig One-to-many: O(N) key exchanges Protocols with digital signatures Goal: determine from whom a message came

Symmetric key Generate public/private File downloads key pair (PK,SK) Annouce PK publicly (on website, in newspaper, …)

Compute sig = Sgn(SK, msg)

Publish msg || sig One-to-many: can now go offline! O(N) key exchanges Protocols with digital signatures Goal: determine from whom a message came

Symmetric key Generate public/private File downloads key pair (PK,SK) Annouce PK publicly (on website, in newspaper, …)

Compute sig = Sgn(SK, msg)

Publish msg || sig One-to-many: can now go offline! O(N) key exchanges Obtain PK, msg || sig Vfy(PK, msg, sig) Digital signature properties Digital signature properties

Bob can prove that a message Authenticity signed by Alice is truly from Alice (even without a pairwise key) Digital signature properties

Bob can prove that a message Authenticity signed by Alice is truly from Alice (even without a pairwise key)

Bob can prove that no one has Integrity tampered with a signed message Digital signature properties

Bob can prove that a message Authenticity signed by Alice is truly from Alice (even without a pairwise key)

Bob can prove that no one has Integrity tampered with a signed message

Once Alice signs a message, she Non-repudiation cannot subsequently claim she did not sign that message Do handwritten signatures at the end of a letter have these properties?

Bob can prove that a message Authenticity signed by Alice is truly from Alice (even without a pairwise key)

Bob can prove that no one has Integrity tampered with a signed message

Once Alice signs a message, she Non-repudiation cannot subsequently claim she did not sign that message Do handwritten signatures at the end of a letter have these properties?

Would require unforgeable Authenticity handwritten signatures. This is the one property they sort of get

Bob can prove that no one has Integrity tampered with a signed message

Once Alice signs a message, she Non-repudiation cannot subsequently claim she did not sign that message Do handwritten signatures at the end of a letter have these properties?

Would require unforgeable Authenticity handwritten signatures. This is the one property they sort of get

Would require having a signature Integrity that depended on each part in the body of the letter

Once Alice signs a message, she Non-repudiation cannot subsequently claim she did not sign that message Do handwritten signatures at the end of a letter have these properties?

Would require unforgeable Authenticity handwritten signatures. This is the one property they sort of get

Would require having a signature Integrity that depended on each part in the body of the letter

Would require both of the above Non-repudiation (unforgeable signature that depends on each part of letter) Back to authentication

How can we know it was really who posted PK? Back to authentication

Generate public/private key How can we know it was pair (PK,SK); publicize PK really who posted PK? Back to authentication

Generate public/private key How can we know it was pair (PK,SK); publicize PK really who posted PK?

E(KAT, msg || to:Bob) E(KBT, msg || from:Alice)

KAT KBT Alice Bob

KAT KBT Back to authentication

Generate public/private key How can we know it was pair (PK,SK); publicize PK really who posted PK?

E(KAT, msg || to:Bob) E(KBT, msg || from:Alice)

KAT KBT Alice Bob

KAT KBT Can we achieve authentication without Trent in the middle of every message? Authentication with public keys 1. Trent’s public key is widely Trent (PKT, SKT) disseminated (pre-installed in browsers/operating systems)

Alice

Bob Authentication with public keys 1. Trent’s public key is widely Trent (PKT, SKT) disseminated (pre-installed in browsers/operating systems)

PKT Alice

Bob PKT Authentication with public keys 1. Trent’s public key is widely Trent (PKT, SKT) disseminated (pre-installed in browsers/operating systems)

2. Alice generates a public/private PKT key pair and asks Trent to bind her Alice (PKA, SKA) PKA to her identity

Bob PKT Authentication with public keys 1. Trent’s public key is widely Trent (PKT, SKT) disseminated (pre-installed in browsers/operating systems)

Trent vets Alice 2. Alice generates a public/private PKT key pair and asks Trent to bind her Alice (PKA, SKA) PKA to her identity

Bob PKT Authentication with public keys 1. Trent’s public key is widely Trent (PKT, SKT) disseminated (pre-installed in browsers/operating systems)

Trent vets Alice 2. Alice generates a public/private PKT key pair and asks Trent to bind her Alice (PKA, SKA) PKA to her identity

3. Trent signs a message (with SKT):

“The owner of the secret key PKT Bob corresponding to PKA is Alice” Authentication with public keys 1. Trent’s public key is widely Trent (PKT, SKT) disseminated (pre-installed in browsers/operating systems)

Trent vets Alice 2. Alice generates a public/private PKT key pair and asks Trent to bind her Alice (PKA, SKA) PKA to her identity

3. Trent signs a message (with SKT):

“The owner of the secret key PKT Bob corresponding to PKA is Alice” This message + sig = Certificate Authentication with public keys 1. Trent’s public key is widely Trent (PKT, SKT) disseminated (pre-installed in browsers/operating systems)

Trent vets Alice 2. Alice generates a public/private PKT key pair and asks Trent to bind her Alice (PKA, SKA) PKA to her identity

Alice = PKT 3. Trent signs a message (with SKT):

“The owner of the secret key PKT Bob corresponding to PKA is Alice” This message + sig = Certificate Authentication with public keys 4. Alice makes her certificate Trent (PKT, SKT) publicly available (or Bob simply asks for it)

PKT Alice (PKA, SKA) If Bob trusts Trent, then Bob trusts that he knows Alice = PKA Alice’s public key is PKA

Bob PKT Authentication with public keys 4. Alice makes her certificate Trent (PKT, SKT) publicly available (or Bob simply asks for it)

PKT Alice (PKA, SKA) If Bob trusts Trent, then Bob trusts that he knows Alice = PKA Alice’s public key is PKA

Bob PKT Alice = PKA Authentication with public keys 4. Alice makes her certificate Trent (PKT, SKT) publicly available (or Bob simply asks for it)

5. Bob verifies the certificate using PKT PKT Alice (PKA, SKA) If Bob trusts Trent, then Bob trusts that he knows Alice = PKA Alice’s public key is PKA

Bob PKT Alice = PKA Authentication with public keys 4. Alice makes her certificate Trent (PKT, SKT) publicly available (or Bob simply asks for it)

5. Bob verifies the certificate using PKT PKT Alice (PKA, SKA) If Bob trusts Trent, then Bob trusts that he knows Alice = PKA Alice’s public key is PKA

6. Bob (via hybrid encryption) PKT Bob sends a message to Alice Alice = PKA using her public key PKA Authentication with public keys

Trent (PKT, SKT) Properties

Trent vets Alice

PKT Alice (PKA, SKA)

Alice = PKA

Bob PKT Alice = PKA Authentication with public keys

Trent (PKT, SKT) Properties

Trent need be online only Trent vets Alice when giving out certificates, not any time users want to PKT communicate with one another Alice (PKA, SKA)

Alice = PKA

Bob PKT Alice = PKA Authentication with public keys

Trent (PKT, SKT) Properties

Trent need be online only Trent vets Alice when giving out certificates, not any time users want to PKT communicate with one another Alice (PKA, SKA)

Alice = PKA Communication needn’t go through Trent

Bob PKT Alice = PKA Authentication with public keys

Trust assumptions from our Trent (PKT, SKT) symmetric key protocol: 1. Do not read messages Trent vets Alice 2. Do not alter messages 3. Do not forge messages PKT 4. Do not go offline Alice (PKA, SKA)

Alice = PKA

Bob PKT Alice = PKA Authentication with public keys

Trust assumptions from our Trent (PKT, SKT) symmetric key protocol: 1. Do not read messages Trent vets Alice 2. Do not alter messages 3. Do not forge messages PKT 4. Do not go offline Alice (PKA, SKA)

Alice = PKA Trust assumptions in this public key protocol: 1. Correctly vet users Bob PKT (Some more in practice…) Alice = PKA Certificate revocation

3. Trent signs a message (with SKT):

“The owner of the secret key corresponding to PKA is Alice” This message + sig = Certificate

Put another way: “The only person who knows SKA is Alice”

What happens if Alice’s key gets compromised? (Stolen, accidentally revealed, …) Certificate revocation

Trent (PKT, SKT) Please revoke my certificate (ID #3912…)

Alice Certificate revocation

Trent (PKT, SKT) Please revoke Trent signs a message (with SKT): my certificate (ID #3912…) “Certificate ID #3912… is no longer valid, as of April 5, …” Alice Certificate revocation

Trent (PKT, SKT) Please revoke Trent signs a message (with SKT): my certificate (ID #3912…) “Certificate ID #3912… is no longer valid, as of April 5, …” Alice This message + sig = revocation Certificate revocation

Trent (PKT, SKT) Please revoke Trent signs a message (with SKT): my certificate (ID #3912…) “Certificate ID #3912… is no longer valid, as of April 5, …” Alice This message + sig = revocation

Bob obtains revocation information Bob Obtaining revocation data Certificate Revocation Lists (CRLs)

A (often large) signed list of revocations

“Certificate ID #3912… is Trent no longer valid, as of April 5, …” Obtaining revocation data Certificate Revocation Lists (CRLs)

A (often large) signed list of revocations

“Certificate ID #3912… is Trent no longer valid, as of April 5, …”

Browsers and OSes occasionally download CRLs

Bob Obtaining revocation data Certificate Revocation Lists (CRLs)

A (often large) signed list of revocations

“Certificate ID #3912… is Trent no longer valid, as of April 5, …”

Browsers and OSes occasionally download CRLs

Disincentive: CRLs can be large, Bob so it takes time & bandwidth Obtaining revocation data Certificate Revocation Lists (CRLs)

A (often large) signed list of revocations

“Certificate ID #3912… is Trent no longer valid, as of April 5, …”

Browsers and OSes occasionally download CRLs

Disincentive: CRLs can be large, Bob so it takes time & bandwidth

Result: delayed days/weeks/forever Obtaining revocation data Online Certificate Status Protocol (OCSP)

Browsers and OSes perform OCSP checks on-demand (when verifying the certificate)

Bob Trent Obtaining revocation data Online Certificate Status Protocol (OCSP)

Browsers and OSes perform OCSP checks on-demand (when verifying the certificate)

Is certificate ID #3912… still valid? Bob Trent Obtaining revocation data Online Certificate Status Protocol (OCSP)

Browsers and OSes perform OCSP checks on-demand (when verifying the certificate)

Is certificate ID #3912… still valid? Bob Trent

“Certificate ID #3912… is still longer valid, as of April 5, …” SKT Obtaining revocation data Online Certificate Status Protocol (OCSP)

Browsers and OSes perform OCSP checks on-demand (when verifying the certificate)

Is certificate ID #3912… still valid? Bob Trent

“Certificate ID #3912… is still longer valid, as of April 5, …” SKT

Disincentive: Still delays the initial validation of the certificate (can increase webpage load time) Obtaining revocation data OCSP Stapling

Websites issue OCSP requests, include responses in initial handshake

Is certificate ID #3912… still valid? Alice Trent

“Certificate ID #3912… is still longer valid, as of April 5, …” SKT Alice forwards this to Bob along with the certificate when they first start to communicate Certificate revocation responsibilities

Alice’s responsibility: Request revocations

Trent’s responsibility: Make revocations publicly available

Bob’s responsibility: Check for revocations Certificates in the wild The lock icon indicates that the browser was able to authenticate the other end, i.e., validate its certificate Certificate chain

Subject (who owns the public key)

Common name: the URL of the subject

Issuer (who verified the identity and signed this certificate) Verifying certificates

Browser Certificate “I’m because says so” Verifying certificates

Browser Certificate “I’m because says so”

Certificate “I’m because says so” Verifying certificates

Browser Certificate “I’m because I say so!”

Certificate “I’m because says so”

Certificate “I’m because says so” Verifying certificates

Browser Certificate “I’m because I say so!”

Certificate “I’m because says so”

Certificate “I’m because says so” Verifying certificates

Browser Certificate “I’m because I say so!” Root key store

Every device has one Certificate “I’m because says so” Must not contain malicious certificates

Certificate “I’m because says so” Verifying certificates

Browser Certificate “I’m because I say so!”

Certificate “I’m because says so”

Certificate “I’m because says so” Verifying certificates

Browser Certificate ✓ “I’m because I say so!”

Certificate “I’m because says so”

Certificate “I’m because says so” Verifying certificates

Certificate ✓ “I’m because I say so!”

Browser Certificate “I’m because says so”

Certificate “I’m because says so” Verifying certificates

Certificate ✓ “I’m because I say so!”

Browser Certificate ✓ “I’m because says so”

Certificate “I’m because says so” Verifying certificates

Certificate ✓ “I’m because I say so!”

Certificate ✓ “I’m because says so”

Browser Certificate “I’m because says so” Verifying certificates

Certificate ✓ “I’m because I say so!”

Certificate ✓ “I’m because says so”

Browser Certificate ✓ “I’m because says so” Serial number: Uniquely identifies this cert with respect to the issuer (look for this in CRLs)

Signature algorithm: How the issuer will sign parts of the cert

Not valid before/after: When to start and stop believing this cert (start & expiration dates)

The public key: And the issuer’s signature of the public key Subject Alternate Names: Other URLs for which this cert should be considered valid. (wellsfargo.com is not the same as www.wellsfargo.com)

Can include wildcards, e.g., *.google.com

CRL & OCSP: Where to go to check if this certificate has been revoked

Non-cryptographic checksums Certificate types Why are these different? Certificate types Why are these different?

This is an EV (extended validation) certificate; browsers show the full name for these kinds of certs Proper reaction to

1. Patch the software

2. “Reissue” a new key (get a new one and load it onto your servers)

3. Revoke the old key Proper reaction to Heartbleed

1. Patch the software

2. “Reissue” a new key (get a new one and load it onto your servers)

3. Revoke the old key

Order matters! If we reissued and then patched, then our new key would be compromised, too. If we revoked first, we’d be offline. Heartbleed

OpenSSL Heartbleed

“hi” 2 OpenSSL Heartbleed

“hi” 2 OpenSSL “hi” Heartbleed

OpenSSL Heartbleed

“hi” 22 OpenSSL Heartbleed

“hi” 22 OpenSSL “hi” +20B from memory

< 216 Heartbleed

“hi” 22 OpenSSL “hi” +20B from memory

< 216

Potentially reveals user data and private keys Heartbleed exploits were undetectable Why study Heartbleed?

Akamai Discovered patched Publicly announced

03/21 04/02 04/07 Why study Heartbleed?

Akamai Discovered patched Publicly announced

03/21 04/02 04/07

Every vulnerable website should have:

1 Patched 2 Revoked 3 Reissued Why study Heartbleed?

Akamai Discovered patched Publicly announced

03/21 04/02 04/07

Every vulnerable website should have:

1 Patched 2 Revoked 3 Reissued

Heartbleed is a natural experiment: How quickly and thoroughly do administrators act? Dataset

Rapid7 data 22M certs (~1/wk for 6mos) Dataset

2.8M certs Alexa Top-1M

Rapid7 filter data CAs 22M certs (~1/wk for 6mos) 9k certs Dataset

2.8M certs Alexa Top-1M

Rapid7 filter Leaf Set data validate CAs 22M certs 628k certs (~1/wk for 6mos) 165k domains 9k certs Dataset

2.8M certs Alexa Top-1M

Rapid7 filter Leaf Set data validate CAs 22M certs 628k certs (~1/wk for 6mos) 165k domains 9k certs

• Download CRLs • Detect vulnerability • Identify Heartbleed-induced reissues & revocations Dataset

2.8M certs Alexa Top-1M

Rapid7 filter Leaf Set data validate CAs 22M certs 628k certs (~1/wk for 6mos) 165k domains 9k certs

• Download CRLs • Detect vulnerability • Identify Heartbleed-induced reissues & revocations Prevalence and patch rates

0.6 WasWas ever ever vulnerable vulnerable 0.5 Still vulnerableStill after vulnerable 3 weeks 0.4 0.3 0.2 0.1 Fraction of Domains

Vulnerable to Heartbleed 0 0 200000 400000 600000 800000 1e+06 Alexa Site Rank (bins of 1000) Prevalence and patch rates

0.6 WasWas ever ever vulnerable vulnerable 0.5 Still vulnerableStill after vulnerable 3 weeks 0.4 0.3 0.2 0.1 Fraction of Domains

Vulnerable to Heartbleed 0 0 200000 400000 600000 800000 1e+06 Alexa Site Rank (bins of 1000) Prevalence and patch rates

0.6 WasWas ever ever vulnerable vulnerable 0.5 Still vulnerableStill after vulnerable 3 weeks 0.4 0.3 0.2 0.1 Fraction of Domains

Vulnerable to Heartbleed 0 0 200000 400000 600000 800000 1e+06 Alexa Site Rank (bins of 1000)

Patching rates are mostly positive Only ~7% had not patched within 3 weeks How quickly were certs revoked?

1200 1000 800 600 400 200

Number of Domains/Day 0 03/01 03/08 03/15 03/22 03/29 04/05 04/12 04/19 04/26 Date How quickly were certs revoked?

1200 1000 800 600 400 200

Number of Domains/Day 0 03/01 03/08 03/15 03/22 03/29 04/05 04/12 04/19 04/26 Date

Reaction ramps up quickly How quickly were certs revoked?

1200 1000 800 600 400 200

Number of Domains/Day 0 03/01 03/08 03/15 03/22 03/29 04/05 04/12 04/19 04/26 Date

Reaction ramps up quickly How quickly were certs revoked?

1200 1000 800 Weekends 600 400 200

Number of Domains/Day 0 03/01 03/08 03/15 03/22 03/29 04/05 04/12 04/19 04/26 Date

Reaction ramps up quickly Security takes the weekends off Certificate update rates

3 wks 1 0.95 0.9 Not revoked 0.85 0.8 0.75 Not reissued 0.7 0.65 not Revoked/Reissued

Frac. of Vulnerable Certs 0.6 04/07 04/21 05/05 05/19 06/02 06/16 06/30 07/14 07/28 Date Certificate update rates

3 wks 1 0.95 0.9 Not revoked 0.85 0.8 0.75 Not reissued 0.7 0.65 not Revoked/Reissued

Frac. of Vulnerable Certs 0.6 04/07 04/21 05/05 05/19 06/02 06/16 06/30 07/14 07/28 Date Certificate update rates

3 wks 1 0.95 0.9 Not revoked 0.85 0.8 0.75 Not reissued 0.7 0.65 not Revoked/Reissued

Frac. of Vulnerable Certs 0.6 04/07 04/21 05/05 05/19 06/02 06/16 06/30 07/14 07/28 Date Similar pattern to patches: Exponential drop-off, then levels out

After 3 weeks: 13% Revoked 27% Reissued Reissue ⇒ New key?

0.6 0.5 0.4 0.3 0.2

0.1 All reissues Heartbleed-induced reissues 0 Fraction of New Certificates Reissued with the Same Key 11/2013 12/2013 01/2014 02/2014 03/2014 04/2014 05/2014 Date of Birth Reissue ⇒ New key?

0.6 0.5 0.4 0.3 0.2

0.1 All reissues Heartbleed-induced reissues 0 Fraction of New Certificates Reissued with the Same Key 11/2013 12/2013 01/2014 02/2014 03/2014 04/2014 05/2014 Date of Birth Reissue ⇒ New key?

0.6 0.5 0.4 0.3 0.2

0.1 All reissues Heartbleed-induced reissues 0 Fraction of New Certificates Reissued with the Same Key 11/2013 12/2013 01/2014 02/2014 03/2014 04/2014 05/2014 Date of Birth Reissuing the same key is common practice 4.1% Heartbleed-induced The ugly truth of revocations

93% Patched 13% Revoked 27% Reissued

Security is supposed to be a fundamental design goal, but • Administrators trade off security for ease of maintenance/cost • Certificate authorities trade off security for profit Can we wait for expiration?

1

0.8

0.6

CDF 0.4

0.2

0 0 1 2 3 4 5 6 Years of Remaining Validity Can we wait for expiration?

Vulnerable but not revoked 1

0.8

0.6

CDF 0.4

0.2

0 0 1 2 3 4 5 6 Years of Remaining Validity Can we wait for expiration?

Vulnerable but not revoked 1

0.8

0.6 ~40% of vulnerable certs CDF 0.4 will not expire for over 1 year 0.2

0 0 1 2 3 4 5 6 Years of Remaining Validity Can we wait for expiration?

Vulnerable but not revoked 1

0.8

0.6 ~40% of vulnerable certs CDF 0.4 will not expire for over 1 year 0.2

0 0 1 2 3 4 5 6 Years of Remaining Validity

We may be dealing with Heartbleed for years Testing browser behavior

Revocation • Browsers should support all major protocols protocols • CRLs, OCSP, OCSP stapling

Availability of • Browsers should reject certs they cannot check revocation info • E.g., because the OCSP server is down

Chain • Browsers should reject a cert if any on the chain fail lengths • Leaf, intermediate(s), root Testing browser behavior

Revocation • Browsers should support all major protocols protocols • CRLs, OCSP, OCSP stapling

Availability of • Browsers should reject certs they cannot check revocation info • E.g., because the OCSP server is down

Chain • Browsers should reject a cert if any on the chain fail lengths • Leaf, intermediate(s), root

Root

Intermediate … Intermediate

Leaf Testing browser behavior

Revocation • Browsers should support all major protocols protocols • CRLs, OCSP, OCSP stapling

Availability of • Browsers should reject certs they cannot check revocation info • E.g., because the OCSP server is down

Chain • Browsers should reject a cert if any on the chain fail lengths • Leaf, intermediate(s), root

Root signs

Intermediate … Intermediate

Leaf Testing browser behavior

Revocation • Browsers should support all major protocols protocols • CRLs, OCSP, OCSP stapling

Availability of • Browsers should reject certs they cannot check revocation info • E.g., because the OCSP server is down

Chain • Browsers should reject a cert if any on the chain fail lengths • Leaf, intermediate(s), root

Root signs

Intermediate … Intermediate

Leaf Testing browser behavior

Revocation • Browsers should support all major protocols protocols • CRLs, OCSP, OCSP stapling

Availability of • Browsers should reject certs they cannot check revocation info • E.g., because the OCSP server is down

Chain • Browsers should reject a cert if any on the chain fail lengths • Leaf, intermediate(s), root

Root signs

Intermediate … Intermediate

Leaf Results across all browsers

✔ Passes test ev Passes for EV certs a Pops up alert to user ✗ Fails test i Ignores OCSP Staple l/w Passes on Linux/Win. Results across all browsers

Chrome

Generally, only checks for EV certs ~3% of all certs

Allows if revocation info unavailable

Supports OCSP stapling

✔ Passes test ev Passes for EV certs a Pops up alert to user ✗ Fails test i Ignores OCSP Staple l/w Passes on Linux/Win. Results across all browsers

Firefox

Never checks CRLs Only checks intermediates for EV certs

Allows if revocation info unavailable

Supports OCSP stapling

✔ Passes test ev Passes for EV certs a Pops up alert to user ✗ Fails test i Ignores OCSP Staple l/w Passes on Linux/Win. Results across all browsers

Safari

Checks CRLs and OCSP

Allows if revocation info unavailable Except for first intermediate, for CRLs

Does not support OCSP stapling

✔ Passes test ev Passes for EV certs a Pops up alert to user ✗ Fails test i Ignores OCSP Staple l/w Passes on Linux/Win. Results across all browsers

Internet Explorer

Checks CRLs and OCSP

Often rejects if revocation info unavailable Pops up alert for leaf in IE 10+

Supports OCSP stapling

✔ Passes test ev Passes for EV certs a Pops up alert to user ✗ Fails test i Ignores OCSP Staple l/w Passes on Linux/Win. Results across all browsers

Mobile Browsers

Uniformly never check

Android browsers request Staple …and promptly ignore it

✔ Passes test ev Passes for EV certs a Pops up alert to user ✗ Fails test i Ignores OCSP Staple l/w Passes on Linux/Win.